68606 2011-09-22 03:22:15 -0700 32-bit call code clobbers the function cell tag 2011-09-22 04:04:52 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 68557 1 fpizlo webkit-unassigned barraclough fpizlo ossy oldest_to_newest 471458 0 fpizlo 2011-09-22 03:22:15 -0700 The change to use emitJumpIfNotType results in problems, because this function is often called (in 32-bit mode) with the tag register as the scratch register. If the jump is taken, the slow path code then expects the tag register to be intact, and passes the no-longer-valid tag to a stub function. This results in failures when attempting to make InternalFunction calls. 471459 1 108305 fpizlo 2011-09-22 03:24:22 -0700 Created attachment 108305 the patch 471468 2 108305 ossy 2011-09-22 04:02:36 -0700 Comment on attachment 108305 the patch r+ to go ahead. I tested it on a 32-bit Qt environment and it works for me. 471470 3 108305 ossy 2011-09-22 04:04:45 -0700 Comment on attachment 108305 the patch Clearing flags on attachment: 108305 Committed r95707: <http://trac.webkit.org/changeset/95707> 471471 4 ossy 2011-09-22 04:04:52 -0700 All reviewed patches have been landed. Closing bug. 108305 2011-09-22 03:24:22 -0700 2011-09-22 04:04:45 -0700 the patch fix32bit_patch_1.diff text/plain 2064 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gOTU3MDYpCisrKyBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTggQEAK KzIwMTEtMDktMjIgIEZpbGlwIFBpemxvICA8ZnBpemxvQGFwcGxlLmNvbT4KKworICAgICAgICAz Mi1iaXQgY2FsbCBjb2RlIGNsb2JiZXJzIHRoZSBmdW5jdGlvbiBjZWxsIHRhZworICAgICAgICBo dHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9Njg2MDYKKworICAgICAgICBS ZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKyAgICAgICAgCisgICAgICAgIFRoaXMgaXMgYSBt aW5pbWFsaXN0aWMgZml4OiBpdCBzaW1wbHkgZW1pdHMgY29kZSB0byByZXN0b3JlIHRoZQorICAg ICAgICBjZWxsIHRhZyBvbiB0aGUgc2xvdyBwYXRoLCBpZiB3ZSBrbm93IHRoYXQgd2UgZmFpbGVk IGR1ZSB0bworICAgICAgICBlbWl0Q2FsbElmTm90VHlwZS4KKworICAgICAgICAqIGppdC9KSVRD YWxsMzJfNjQuY3BwOgorICAgICAgICAoSlNDOjpKSVQ6OmNvbXBpbGVPcENhbGxWYXJhcmdzU2xv d0Nhc2UpOgorICAgICAgICAoSlNDOjpKSVQ6OmNvbXBpbGVPcENhbGxTbG93Q2FzZSk6CisKIDIw MTEtMDktMjEgIEdhdmluIEJhcnJhY2xvdWdoICA8YmFycmFjbG91Z2hAYXBwbGUuY29tPgogCiAg ICAgICAgIEFkZCBtaXNzaW5nIGFkZFB0ci0+YWRkMzIgbWFwcGluZyBmb3IgWDg2LgpJbmRleDog U291cmNlL0phdmFTY3JpcHRDb3JlL2ppdC9KSVRDYWxsMzJfNjQuY3BwCj09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9qaXQvSklUQ2FsbDMyXzY0LmNwcAkocmV2aXNpb24gOTU3 MDMpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvaml0L0pJVENhbGwzMl82NC5jcHAJKHdvcmtp bmcgY29weSkKQEAgLTkzLDcgKzkzLDEwIEBAIHZvaWQgSklUOjpjb21waWxlT3BDYWxsVmFyYXJn c1Nsb3dDYXNlKEkKICAgICBpbnQgY2FsbGVlID0gaW5zdHJ1Y3Rpb25bMV0udS5vcGVyYW5kOwog CiAgICAgbGlua1Nsb3dDYXNlSWZOb3RKU0NlbGwoaXRlciwgY2FsbGVlKTsKKyAgICBKdW1wIG5v dENlbGwgPSBqdW1wKCk7CiAgICAgbGlua1Nsb3dDYXNlKGl0ZXIpOworICAgIG1vdmUoVHJ1c3Rl ZEltbTMyKEpTVmFsdWU6OkNlbGxUYWcpLCByZWdUMSk7IC8vIE5lZWQgdG8gcmVzdG9yZSBjZWxs IHRhZyBpbiByZWdUMSBiZWNhdXNlIGl0IHdhcyBjbG9iYmVyZWQuCisgICAgbm90Q2VsbC5saW5r KHRoaXMpOwogCiAgICAgSklUU3R1YkNhbGwgc3R1YkNhbGwodGhpcywgY3RpX29wX2NhbGxfTm90 SlNGdW5jdGlvbik7CiAgICAgc3R1YkNhbGwuYWRkQXJndW1lbnQocmVnVDEsIHJlZ1QwKTsKQEAg LTI3Miw4ICsyNzUsOSBAQCB2b2lkIEpJVDo6Y29tcGlsZU9wQ2FsbFNsb3dDYXNlKEluc3RydWN0 CiAgICAgZW1pdEp1bXBTbG93VG9Ib3QoanVtcCgpLCBPUENPREVfTEVOR1RIKG9wX2NhbGwpKTsK IAogICAgIC8vIFRoaXMgaGFuZGxlcyBob3N0IGZ1bmN0aW9ucwotICAgIGNhbGxMaW5rRmFpbE5v dE9iamVjdC5saW5rKHRoaXMpOwogICAgIGNhbGxMaW5rRmFpbE5vdEpTRnVuY3Rpb24ubGluayh0 aGlzKTsKKyAgICBtb3ZlKFRydXN0ZWRJbW0zMihKU1ZhbHVlOjpDZWxsVGFnKSwgcmVnVDEpOyAv LyBSZXN0b3JlIGNlbGwgdGFnIHNpbmNlIGl0IHdhcyBjbG9iYmVyZWQuCisgICAgY2FsbExpbmtG YWlsTm90T2JqZWN0LmxpbmsodGhpcyk7CiAKICAgICBKSVRTdHViQ2FsbCBzdHViQ2FsbCh0aGlz LCBvcGNvZGVJRCA9PSBvcF9jb25zdHJ1Y3QgPyBjdGlfb3BfY29uc3RydWN0X05vdEpTQ29uc3Ry dWN0IDogY3RpX29wX2NhbGxfTm90SlNGdW5jdGlvbik7CiAgICAgc3R1YkNhbGwuYWRkQXJndW1l bnQoY2FsbGVlKTsK